Search results for 'net'
Hook interrupt descriptor table
Hooking the interrupt table is a very interesting thing: with it you can disallow some operations
or watch what is happening in the system. This article is more of an overview; a more technical
description is in link 1.
The first thing we should know is that it is done through a kernel module.
There are two commands for loading and unloading modules:
insmod
and
rmmod
There is a way to check system call addresses and the position of the syscall
table:
grep sys_call_table /proc/kallsyms
grep system_call /proc/kallsyms
We can also use it to find our module's functions and syscall addresses:
grep sys_write /proc/kallsyms
or, if we want to check our module's functions:
grep hook_idt /proc/kallsyms
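As an added example, not code from the original article: a small parser for the /proc/kallsyms line format that the grep commands above read (hex address, symbol type, name, and for module symbols a trailing [module] field), run over a constructed sample; the addresses in the sample are made up, and the module name hook_idt is taken from the grep above.

```c
/* Added example, not from the original article: parse lines in the
 * /proc/kallsyms format the grep commands above read.  A line is
 * "<hex address> <type> <name>" plus an optional trailing "[module]". */
#include <stdio.h>
#include <string.h>

struct ksym {
    unsigned long addr;
    char type;
    char name[64];
    char module[64];  /* empty string for core-kernel symbols */
};
/* Parse one line; returns 1 on success, 0 if it is not in kallsyms format. */
int parse_kallsyms_line(const char *line, struct ksym *out)
{
    char mod[66] = "";
    size_t len;
    int n = sscanf(line, "%lx %c %63s %65s", &out->addr, &out->type, out->name, mod);
    if (n < 3)
        return 0;
    out->module[0] = '\0';
    len = strlen(mod);
    /* a fourth field of the form [module] names the owning module */
    if (n == 4 && len >= 3 && mod[0] == '[' && mod[len - 1] == ']') {
        mod[len - 1] = '\0';
        snprintf(out->module, sizeof out->module, "%s", mod + 1);
    }
    return 1;
}

/* Constructed sample of what grep on /proc/kallsyms might print; addresses are made up. */
static const char *SAMPLE_KALLSYMS[] = {
    "c1001000 T system_call",
    "c15a0000 R sys_call_table",
    "c1100c20 T sys_mkdir",
    "f8a01000 t hooked_mkdir\t[hook_idt]",
    "f8a01120 t get_syscall_table\t[hook_idt]",
};
/* Look a symbol up in the sample: returns a pointer to a static struct
 * (valid until the next call), or NULL if the name is not present. */
const struct ksym *sample_lookup(const char *name)
{
    static struct ksym s;
    size_t i;
    for (i = 0; i < sizeof SAMPLE_KALLSYMS / sizeof SAMPLE_KALLSYMS[0]; i++)
        if (parse_kallsyms_line(SAMPLE_KALLSYMS[i], &s) && strcmp(s.name, name) == 0)
            return &s;
    return NULL;
}
```

A symbol with a non-empty module field was not part of the core kernel image, which is what the grep for hook_idt relies on.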
We will now try to hook sys_mkdir. I usually use some minimalistic
window managers, but some browsers or other GUI-ish programs like directories such as
"Download" or "Desktop". All my directories in ~/ are lowercase and I really hate the
annoying "Download" and "Desktop" directories that are made without my permission,
and for my lowercase /home directory style it is ugly. With this hook they will
be denied from doing such a thing.
Our kernel module consists of these functions:
static int __init hook_init(void) //stufff on module init,idt hooking
static void __exit hook_exit(void) //stuff on module exit, restore idt table
asmlinkage long hooked_mkdir(const char *filename, mode_t mode) //our hook function
//how these functions work you can find in link 1
void *get_writable_sct(void *sct_addr)
void *get_syscall_table(void)
The basic hooked function, which just passes the call on to the saved original (real_mkdir), is:
asmlinkage long hooked_mkdir(const char *filename, mode_t mode)
{
    return real_mkdir(filename, mode);
}
Now we need to add a check for ("Desktop", "Download"). First we need an error
that will be returned when someone wants to make a bad directory;
we will use the EACCES error.
Here is the modified function for our task:
//hook mkdir syscall
asmlinkage long hooked_mkdir(const char __user *filename, mode_t mode)
{
    char name[16];  //long enough for "Desktop"/"Download" plus the terminating NUL
    long n;
    //filename is a user-space pointer: copy it in (linux/uaccess.h) before inspecting it
    n = strncpy_from_user(name, filename, sizeof(name));
    if (n < 0)
        return n;  //bad user pointer, -EFAULT
    if (n >= sizeof(name))
        return real_mkdir(filename, mode);  //too long to be one of the two names
    //it will disallow directories named exactly Desktop or Download
    if (strcmp(name, "Desktop") == 0 || strcmp(name, "Download") == 0)
    {
        printk(KERN_INFO "Mkdir hook\n");
        return -EACCES;  //syscalls report errors as negative errno values
    }
    return real_mkdir(filename, mode);
}
To compile the module:
make
This was tested with kernel version 2.6.38.
Links:
[1] http://codenull.net/articles/kmh_en.html
[2] http://www.gadgetweb.de/linux/40-how-to-hijacking-the-syscall-table-on-latest-26x-kernel-systems.html
Mood text in Skype is simple and not very interactive. Through the Skype API some animations can be done. The first step was to test setting the mood text through the API. Here is a script that directly sends Skype the command for setting rich mood text. Linux doesn't support the latest Skype Protocol 7 (API version 3.0), but on Windows everything works OK. On the command line you type
./setrichmood.py "New mood"
and the rich mood text is changed:
import sys
import os
import Skype4Py

skype = Skype4Py.Skype()
skype.Attach()
if len(sys.argv) == 2:
    if os.path.exists( sys.argv[1] ):
        # the argument names a file: use its content as the mood text
        f = open( sys.argv[1] , "r" )
        s = unicode(f.read())
        f.close()
    else:
        s = unicode(sys.argv[1])
    c = skype.Command( "SET PROFILE RICH_MOOD_TEXT "+s )
    skype.SendCommand( c )
Why do I call it rich mood text? Because it supports some XML-like commands. From the Skype API documentation there are such commands.
Example:
//------------------------------------------------------------------
// For purpose of bit conservation we omit feedback notifications
SET PROFILE RICH_MOOD_TEXT Smiley: <ss type="smile">:-)</ss>
SET PROFILE RICH_MOOD_TEXT <font color="#ff0010">Red text</font>
SET PROFILE RICH_MOOD_TEXT <blink>Blinking text</blink>
SET PROFILE RICH_MOOD_TEXT <b>Bold text</b>
SET PROFILE RICH_MOOD_TEXT <i>Italics</i>
SET PROFILE RICH_MOOD_TEXT <u>Underlined</u>
SET PROFILE RICH_MOOD_TEXT First lineSecond lineThird line
<ss type="smile"></ss> also accepts the following smileys:
* smile, sad, laugh, cool, surprised, wink, cry, sweat, speechless, kiss, tongueout, blush, wonder, sleepy, snooze, dull, inlove, talk, yawn, puke, doh, angry, wasntme, party, worry, mmm, nerdy, lipssealed, hi, call, devil, angel, envy, wait, hug, makeup, giggle, clap, think, bow, rofl, whew, happy, smirk, nod, shake, punch, emo, no, yes, handshake, skype, heart, brokenheart, mail, flower, rain, sun, time, music, movie, phone, coffee, pizza, cash, muscle, beer, drink, dance, ninja, star, mooning, finger, bandit, smoke, toivo, rock, headbang, poolparty, swear, bug, fubar, tmi.
I have tried to use them one inside another but it didn't work.
How can animations be made? Here is a very simple example that reads lines from a file and shows them one after another with a time delay.
./moodanime.py anime.xml
Here is the new piece of script:
import sys
import os
import Skype4Py
import time

skype = Skype4Py.Skype()
skype.Attach()
s = []
if os.path.exists( sys.argv[1] ):
    f = open( sys.argv[1] , "r" )
    for line in f:
        # one frame per line, without the trailing newline
        s.append(line.rstrip("\n"))
    f.close()
if not s:
    sys.exit("no frames read from " + sys.argv[1])
while True:
    for frame in s:
        c = skype.Command( "SET PROFILE RICH_MOOD_TEXT "+frame )
        skype.SendCommand( c )
        time.sleep( 1 )
An example file can be:
____Bonanza____
___#Bonanza#___
__##Bonanza##__
_###Bonanza###_
####Bonanza####
_###Bonanza###_
__##Bonanza##__
___#Bonanza#___
And now everything works fine. I have tested these scripts with Python 2.7 on Arch Linux. If there are some problems, try the static or dynamic Skype from the Skype download page.
The main idea is to replace a compiled-in function with some other code and run it. By default this is not possible: if you try to write some bytes into the function's location with memcpy(), a segfault happens. Why? The program has different segments, used for different purposes. Our code belongs to a read-only, executable segment, in the '.text' section. We can see it with
readelf -S main -l
In the previous post there was a program that can be used to make the segment writable. After running
./textwriteble main
the segment containing the '.text' section is writable, and memcpy() no longer segfaults. The second problem is how to make the replacement function position independent with respect to the data inside it. First of all we need to know our current position. It is in the eip register, but push eip? mov eax, eip? They don't work. When we use call, the return address is saved on the stack, so with this small function it can be saved somewhere:
get_ip:
mov ecx, [esp]
ret
At this moment we have converted the segment to writable and written a position-detection function. If the replacement function uses some data, we also need to detect the position of that data. For example we will use
mov eax, sys_call ;we will use SYS_WRITE = 5
mov ebx, output_id ; output on terminal is STDOUT 1
mov ecx, pointer_to_msg
mov edx, size_of_msg
int 80h
If this were an ordinary situation we would define:
msg db "Hello",10
msg_size = $-msg
and our code becomes
mov eax, SYS_WRITE
mov ebx, STDOUT
mov ecx, msg
mov edx, msg_size
int 80h
But how do we know the position of msg if we don't know where the function will be placed? Use the function get_ip and you will know the current instruction position: it is the next instruction after
call get_ip
Our code becomes
call get_ip ;calling and detecting eip
saved_ip: ;position that will be saved
jmp get_ip_end ;jump over function
get_ip:
mov ecx, [esp] ;save return eip
ret
get_ip_end:
mov eax, SYS_WRITE
mov ebx, STDOUT
add ecx, msg-saved_ip ;offset of msg
mov edx, msg_size
int 80h
ECX now holds a position-independent pointer to our text. For testing purposes the function fun() is filled with
asm(".byte 0x90, ... ,0x90");
Hex 0x90 translates to the nop (No OPeration) instruction, so the function does nothing. Function fun() contains
push ebp
mov ebp, esp
start_overwrite_here:
nop
...
...
...
nop
pop ebp
ret
The nop instructions can be replaced with any binary code; there must be enough of them for our binary code. There is no check on the function size, so there will be problems when overwriting if the binary code is larger than the function. Start overwriting the function at position (&fun+3), right after the prologue, with memcpy():
push ebp
mov ebp, esp
start_overwrite_here:
nop
...
...
...
nop
pop ebp
ret
Voilà: once the segment is writable, the function can be overwritten. Combining the previous experience, we have a mega trick for function replacement.
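As an added example, not code from the original post: the size check the post says is missing, done before the memcpy at &fun+3. It assumes the 32-bit prologue push ebp; mov ebp, esp (bytes 0x55 0x89 0xe5) and epilogue pop ebp; ret (0x5d 0xc3) shown above, and runs on a constructed byte buffer standing in for fun(), so nothing is executed.

```c
/* Added example, not from the original post: before copying code over fun()
 * at &fun+3 as described above, verify that the bytes really are the expected
 * prologue, a run of nops and the epilogue, and that the payload fits.  The
 * post notes there is no such size check.  This works on raw bytes only, so
 * the constructed demo buffer below is never executed. */
#include <stddef.h>
#include <string.h>

#define NOP 0x90
static const unsigned char PROLOGUE[] = { 0x55, 0x89, 0xe5 }; /* push ebp; mov ebp,esp */
static const unsigned char EPILOGUE[] = { 0x5d, 0xc3 };       /* pop ebp; ret */

/* Size of the nop slot after the prologue, or 0 if the first max bytes of fun
 * do not look like "push ebp; mov ebp,esp; nop...; pop ebp; ret". */
size_t nop_slot_size(const unsigned char *fun, size_t max)
{
    size_t i = sizeof PROLOGUE;
    if (max < sizeof PROLOGUE + sizeof EPILOGUE) return 0;
    if (memcmp(fun, PROLOGUE, sizeof PROLOGUE) != 0) return 0;
    while (i < max && fun[i] == NOP) i++;
    if (i + sizeof EPILOGUE > max) return 0;
    if (memcmp(fun + i, EPILOGUE, sizeof EPILOGUE) != 0) return 0;
    return i - sizeof PROLOGUE;
}

/* The post's memcpy at &fun+3, done only if the payload fits in the slot.
 * Returns 1 on success, 0 if the check fails.  The segment holding fun must
 * already be writable (the ./textwriteble step above). */
int patch_nop_slot(unsigned char *fun, size_t max, const unsigned char *payload, size_t n)
{
    size_t slot = nop_slot_size(fun, max);
    if (slot == 0 || n > slot) return 0;
    memcpy(fun + sizeof PROLOGUE, payload, n);
    return 1;
}

/* Constructed stand-in for fun(): prologue, 8 nops, epilogue. */
unsigned char demo_fun[] = { 0x55, 0x89, 0xe5,
                             0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
                             0x5d, 0xc3 };

/* Try to patch demo_fun with an n-byte payload of 0xaa marker bytes. */
int demo_patch(size_t n)
{
    unsigned char payload[16];
    if (n > sizeof payload) return 0;
    memset(payload, 0xaa, sizeof payload);
    return patch_nop_slot(demo_fun, sizeof demo_fun, payload, n);
}
```

A 9-byte payload is refused because the slot holds only 8 nops; an 8-byte one is copied in and the epilogue stays intact.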
Compile:
make
Source
Links:
[1] http://www.unixwiz.net/techtips/win32-callconv-asm.html
[2] http://www.programmersheaven.com/mb/x86_asm/357735/357735/get-the-value-of-eip/
[3] http://toku.es/2010/06/text-writable/
[4] http://main.lv/posts/view/elf-text-section
[5] http://main.lv/posts/view/linux-assembler-hello-world
A good fellow asked me to write a script that would help him turn access to the global network on and off. A Linksys machine was used to control such stuff. Here is some code that logs in, changes some rules and logs out. There is also a PyGTK script that does it in a visual way.
from linksys import *

ls = LinkSys( "http://192.168.1.1/" )
ls.login( "admin" , "admin" )
ls.setip( STATIC_IP , "gateway" , 10 , 66 , 66 , 66 )
ls.setip( STATIC_IP , "subnet" , 255 , 255 , 255 , 0 )
if ls.response():
    print "Success"
else:
    print "O_O AIam BAd GUy -^-"
ls.logout()
Everything was written in early 2009. I tested it in those days. Now I don't have a Linksys machine to test it.
Source
Library with 2D vector functions. I have tested this library with
ChipMunk vectors and with
VL vectors.
My implementation is some +% faster.
Source
2010-01-16
About
Contact:
dos21h.......gmail.....
I am often seen in
irc.idlemonkeys.net/6667
#wechall
feel free to ask something
Research into the ARP protocol: watch ARP packets, count them and show them in a list.
Usage:
./arpsni eth0
Version 0.1
[2009nov30]
ArpSni.0.1
There are some simple things that can be done to make C executables as small as possible.
Here is some example code we will work with:
#include <SDL/SDL.h>

char quit = 0;

int main()
{
    SDL_Surface *screen,surface;
    SDL_Event e;
    SDL_Init( SDL_INIT_VIDEO );
    screen = SDL_SetVideoMode( 400, 400, 32, SDL_SWSURFACE );
    /* spin until a mouse button or a key is pressed */
    while(!quit)
        while(SDL_PollEvent(&e)>0)
        {
            if(e.type==SDL_MOUSEBUTTONDOWN) quit=1;
            if(e.type==SDL_KEYDOWN) quit=1;
        }
    SDL_Quit();
}
Compile:
gcc main.c -o main -lSDL
Size before: 5326 bytes
Execute command:
strip main
strip is included in most Unix systems. It removes symbol and debug information from executables.
Size after: 3532 bytes
You can also try sstrip, a more aggressive version of strip. You can download it from the ELF kickers webpage.
Execute command:
sstrip main
Size after: 1960 bytes
There are some other ways to decrease the size of a program.
GC Masher allows you to brute-force gcc options for a smaller executable size.
I was using these options for gcmasher:
-O -O0 -O1 -O2 -O3 -Os
-ffast-math
-fomit-frame-pointer
-fauto-inc-dec
-mpush-args
-mno-red-zone
-mstackrealign
After running with these options the executable size is 5175 bytes, and the best compile options are all possible combinations.
Combining with sstrip gives 1960 bytes. Here the size was not reduced, but sometimes some bytes can be saved. Now we will replace the main function with
void _start()
and replace the return with the exit system call:
asm ( \
"movl $1,%eax\n" \
"xor %ebx,%ebx\n" \
"int $128\n" \
);
One other thing is to compress your executable and prepend an unpack shell script with cat:
a=/tmp/I;tail -n+2 $0|zcat>$a;chmod +x $a;$a;rm $a;exit
With the best options the smallest size is now 563 bytes. No, this is not the smallest size: rename the executable to a single character and you will save 4 more bytes.
gcc -Os -ffast-math -fomit-frame-pointer \
    -fauto-inc-dec -mpush-args -mno-red-zone -c small.c;
ld -dynamic-linker /lib/ld-linux.so.2 small.o /usr/lib/libSDL.so -o small;
strip -s -R .comment -R .gnu.version small; sstrip small;
7z a -tGZip -mx=9 small.gz small > /dev/null;
cat unpack.header small.gz > small;
chmod a+x small; rm small.gz small.o
Download Source
Rewriting everything in asm gives 526 bytes (Link).
Link to other resources: Link1.
The author in that link has 634 bytes. With his options I have 622 bytes, and using gcmasher I have 606 bytes. I used his source in this comparison.
Script that checks the status of Skype users and writes it (on change) to an SQLite database. Communication with Skype is done via the Skype4Py module.
Use:
Create database file:
python SetDB.py
Run Skype Status check:
python CheckStatus.py
Generate Hourly statistics:
Webster
Optimisations manuals
Linux Assembly
Links on russian
FreeBSD with FASM
FASM+OpenGL
FASM
It is the flat assembler; it is simple and fast. I like to use it because it doesn't have too many options when compiling.
Download Place for FASM
LD
It is the GNU linker; how to use it is described in the man pages.
GCC C
The GCC C compiler will help when we use libc or mix asm and C.
HEXDUMP
hexdump helps to see what is inside files.
Disassembler
You can pick any one. I am using HTE.
Download Place for HTE